Security News

ScreenConnect servers hacked in LockBit ransomware attacks
2024-02-22 18:34

Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks. Today, Sophos X-Ops revealed that threat actors have been deploying LockBit ransomware on victims' systems after gaining access using exploits targeting these two ScreenConnect vulnerabilities.

New Migo malware disables protection features on Redis servers
2024-02-20 19:38

Security researchers discovered a new campaign that targets Redis servers on Linux hosts using a piece of malware called 'Migo' to mine for cryptocurrency. Hackers are always looking for exposed and potentially vulnerable Redis servers to hijack resources, steal data, and other malicious purposes.

New Migo Malware Targeting Redis Servers for Cryptocurrency Mining
2024-02-20 15:20

A novel malware campaign has been observed targeting Redis servers for initial access with the ultimate goal of mining cryptocurrency on compromised Linux hosts. "This particular campaign involves...

Over 28,500 Exchange servers vulnerable to actively exploited bug
2024-02-19 18:46

Up to 97,000 Microsoft Exchange servers may be vulnerable to a critical severity privilege escalation flaw tracked as CVE-2024-21410 that hackers are actively exploiting. Currently, 28,500 servers have been identified as being vulnerable.

Microsoft says it fixed a Windows Metadata server issue that’s still broken
2024-02-15 20:03

Microsoft claims to have fixed Windows Metadata connection issues which continue to plague customers, causing problems for users trying to manage their printers and other hardware. When new hardware is added to a Windows computer, the operating system connects to a Microsoft-operated website called the Windows Metadata and Internet Services to download metadata packages associated with the particular hardware.

Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation
2024-02-15 05:19

Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as...

Just one bad packet can bring down a vulnerable DNS server thanks to DNSSEC
2024-02-13 23:27

A 20-plus-year-old security vulnerability in the design of DNSSEC could allow a single DNS packet to exhaust the processing capacity of any server offering the system for domain-name resolution, effectively disabling the machine. Yes, a single DNS packet can take out a remote DNSSEC server.

CISA: Roundcube email server bug now exploited in attacks
2024-02-12 19:03

CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting attacks. The security flaw is a persistent cross-site scripting bug that lets attackers access restricted information via plain/text messages maliciously crafted links in low-complexity attacks requiring user interaction.

February 2024 Patch Tuesday forecast: Zero days are back and a new server too
2024-02-09 06:24

Microsoft introduced the update process called 'flighting' for these preview builds, allowing automatic or manual in-place updates approximately every two weeks without needing a new install every time. Google released the Stable Channel updates 120.0.6099.234 for Mac, 120.0.6099.224 for Linux, and 120.0.6099.224/225 to Windows back on January 16.

On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917)
2024-02-07 10:29

JetBrains has patched a critical authentication bypass vulnerability affecting TeamCity On-Premises continuous integration and deployment servers. CVE-2024-23917 could allow an unauthenticated threat actor with HTTP(S) access to a TeamCity server to bypass authentication controls and gain administrative privileges on the server.